European payment infrastructure provider, SIA recently integrated INFORM’s real-time fraud prevention solution into its platform for the benefit of their financial, corporate and retail clients. We asked Gabriele Boni, Financial Institutions Division Director, SIA and Dr. Andreas Meyer, EVP Risk & Fraud Division, INFORM about the future of online payments and combating fraud in an increasingly digital world.
Interview with Gabriele Boni and Dr. Andreas Meyer
Q: As a leading innovator in Europe, SIA has invested in several online payment technologies. What does the innovation landscape look like over the near-term?
GB: The future is increasingly instant. We launched Jiffy, a real-time P2P money transfer service via mobile phone, in Italy last year. It’s based on SEPA standards and more than 50 banks, representing around 80 percent of bank accounts in Italy, have already adopted the service. Jiffy address low-value payments, which I think is also critical. Our roadmap includes Person-to-Business for retail payments and Person- to-Government for tax or public sector payments.
Q: What would you say is the biggest concern for banks and e-commerce merchants?
GB: Banks are driving towards digital — they want to engage more with consumers via innovative channels. On that basis, card- not-present fraud remains the biggest risk for everyone: banks, consumers and e-commerce merchants.
SIA’s ambition is to become Europe’s leading payment hub for nancial markets. So, we’re working with partners to develop a suite of fraud prevention solutions to support our nancial institutions, corporate and large retail clients. These include one-time passcode for e-commerce transactions, tokenisation and real-time fraud monitoring via RiskShield from INFORM. We really want to be a centre of excellence for these types of services.
Q: Instant payment will increase the speed of payments for consumers and small businesses, but how do you strike the right balance between speed, convenience and security?
GB: Well, this is top-of-mind at the moment as we’ve recently signed a letter of intent with EBA CLEARING for the development of a pan-European infrastructure for real- time payments. From our experience with Jiffy, we have identi ed three main areas of security. Firstly, there’s the back-end central monitoring system, which allows us to provide rules-based alerts to our clients based on our overview of all payments across the service. Secondly, there are security guidelines for the banks with regard to the authentication of end-users and so on. Finally, we provide security for the SDK with a digital signature to avoid man-in-the-middle attacks.
SIA manages about 10 billion clearing transactions and 3.3 billion card payments annually in 17 European countries. We found in RiskShield the innovative anti-fraud solution that could match our strategic ambition and deliver a robust and reliable service.
Gabriele Boni, Financial Institutions Division Director, SIA
AM: People often see instant payments as a trade-off between convenience and security. But I think it’s more about finding the right balance using a sophisticated, customer-centric transaction monitoring system. The alternative would be introducing security through an IT layer, for example giving consumers a device to digitally sign transactions. However, this may decrease convenience and increase cost for banks in having to supply additional devices. One of the main challenges of anti-fraud solutions for instant payments is making the system fast enough. With a real-time payment system, the fraud — and any losses — are also happening in real-time. You may only have milliseconds to decide on a transaction.
At INFORM we are able to supply technology to detect fraud patterns within huge volumes of data quickly, using self-learning, predictive analytics and suggestive intelligence techniques.
Q: RiskShield is a key part of SIA’s fraud prevention service, what attracted you to RiskShield in the first instance?
GB: RiskShield is a very powerful, robust system able to analyse huge transaction volumes within milliseconds. Considering that we manage about 10 billion clearing transactions and 3.3 billion card payments annually, we were looking for a strong solution and with RiskShield we have selected the best technology.
We also liked INFORM’s approach. In developing a proof of concept with us to demonstrate system capability, they worked with us like a partner before becoming an actual partner. This was one of the key points that helped us decide on INFORM. Another important reason is their expertise and experience in fraud prevention. INFORM has a long track record of implementing anti-fraud solutions at banks and PSPs and they clearly know what they are talking about.
Q: Cybercrime has become a huge problem for the financial services industry and the public. What is INFORM’s view on the measures needed to tackle this problem?
GB: Cybercrime is gaining momentum within digital and technical areas and should be taken seriously within any company. At SIA, we have a centralised approach for fraud monitoring and set up a dedicated internal department to focus on this.
AM: Cyberattacks are becoming more sophisticated. With advanced persistent threats, for example, deploying malware into the bank environment is only the first stage to gather information about bank systems and employee behaviour. The real attack is launched as the second stage.
To detect such attacks, you really need a holistic, omni-channel view, which considers financial transactions as well as external data sources and log data to model what is normal. This helps flag what is abnormal.
We are pleased to join forces with SIA in the fight against financial crime. We are confident that our award-winning anti-fraud solution will be instrumental to SIA’s strategic plans and look forward to partnering with them for the long-term.
As a security provider, you don’t necessarily know what types of data or sources you will have to consider, because you don’t know what fraud or attack patterns you will see in the future. What’s more, with online and mobile banking, you don’t have standardised data interfaces unlike in the card payment area. The best approach is to be flexible by design — to react to any data or any source, but also to allow quick deployment within the bank.
Q: As both SIA and INFORM aim to deliver the best possible security and payment experience, it seemed a logical decision to partner. What does the future hold for the partnership?
GB: The future is already here. We are reviewing the current fraud prevention mechanisms in place with a view to implementing INFORM’s centralised solution, not just for cards, but for payments more generally and compliance. We are really looking to extend the INFORM partnership to other services that SIA provides and manages. We want to work together to attract more customers and make them feel safe, secure and in control.
AM: We are focused on the mission and strategies of SIA, namely extending business for clients at an acceptable risk. We are working together with SIA in new areas, such as compliance where the rules and regulations are becoming more complex and changing more regularly. Our agile approach will help achieve compliance with less impact on staff and overall costs to the direct benefit of SIA’s clients.